<?xml version="1.0" encoding="UTF-8"?>
<bom:bom xmlns:bom="http://cyclonedx.org/schema/bom/1.6"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         version="1"
         xsi:schemaLocation="http://cyclonedx.org/schema/bom/1.6"
         serialNumber="${serialNumber}"
         specVersion="1.6"
         bomFormat="CycloneDX"
        >
    <bom:metadata>
        <bom:lifecycles>
            <bom:phase>pre-build</bom:phase>
        </bom:lifecycles>
        <bom:timestamp>${timestamp}</bom:timestamp>
        <bom:components>
            <bom:type>application</bom:type>
            <bom:supplier>
                <bom:name>苏州棱镜七彩信息科技有限公司</bom:name>
            </bom:supplier>
            <bom:group>com.ljqc</bom:group>
            <bom:name>sbom-generate-tool</bom:name>
            <bom:version>1.0.0</bom:version>
            <bom:description>sbom生成工具</bom:description>
            <bom:scope>required</bom:scope>
            <bom:licenses>
                <bom:license>
                    <bom:id>MulanPSL-2.0</bom:id>
                    <bom:name>Mulan Permissive Software License 2.0</bom:name>
                    <bom:url>https://spdx.org/licenses/MulanPSL-2.0.html</bom:url>
                </bom:license>
            </bom:licenses>
        </bom:components>
    </bom:metadata>
    <bom:components>
        <#list packages as package>
            <bom:component>
                <bom:type>library</bom:type>
                <bom:bom-ref>${package.id}</bom:bom-ref>
                <bom:name>${package.name}</bom:name>
                <bom:version>${package.version}</bom:version>
                <#if package.description?? && package.description != "NOASSERTION">
                <bom:description>${package.description}</bom:description>
                </#if>
                <#if package.externalRef?? && package.externalRef != "NOASSERTION">
                <bom:purl>pkg:${package.externalRef}</bom:purl>
                </#if>
                <#if package.checksum?? && package.checksum != "NOASSERTION">
                <bom:hashes>
                    <bom:hash>
                        <bom:alg>MD5</bom:alg>
                        <bom:content>${package.checksum}</bom:content>
                    </bom:hash>
                </bom:hashes>
                </#if>
                <#if package.licenseConcluded?? && package.licenseConcluded != "NOASSERTION">
                <bom:licenses>
                    <bom:license>
                        <bom:id>${package.licenseConcluded}</bom:id>
                    </bom:license>
                </bom:licenses>
                </#if>
            </bom:component>
        </#list>
    </bom:components>
    <bom:dependencies>
        <#list dependencies as dep>
            <bom:dependency>
                <bom:ref>${dep.parentId}</bom:ref>
                <bom:dependsOn>
                    <#list dep.names as name>
                        <bom:ref>${name}</bom:ref>
                    </#list>
                </bom:dependsOn>
            </bom:dependency>
        </#list>
    </bom:dependencies>
</bom:bom> 